
Compromised browser wallet code led to massive crypto theft and a secondary wave of phishing.
Trust Wallet has issued an urgent warning to users after a security incident involving its Google Chrome browser extension caused an estimated $7 million in cryptocurrency losses. The company confirmed the issue was confined to extension version 2.68 and urged users to update immediately to version 2.69 to mitigate further exposure.
In a public statement, Trust Wallet acknowledged the scale of the issue and said it is preparing a refund process for affected users. The company said supporting impacted customers is its top priority and it will share further guidance once the remediation steps are finalized.
Independent blockchain security firm SlowMist reported that the compromised extension hosted malicious code capable of iterating through stored wallets and prompting users to provide their mnemonic recovery phrases. According to the researchers, the extension decrypted phrases locally using the user’s password before transmitting the data to a server controlled by the attackers.
The exfiltration endpoint was linked to a newly registered domain that became active shortly before the thefts began. The threat actors used an open-source analytics library to collect additional user data, suggesting a deliberate, sophisticated operation that may be linked to an advanced persistent threat (APT) group, researchers said.
Another blockchain security firm, PeckShield, estimated that more than $6 million in digital assets were stolen during the incident. Most of the funds were quickly routed to cryptocurrency exchanges, while a significant portion remains in attacker-controlled wallets, indicating that investigations and tracking efforts are ongoing.
Trust Wallet said the breach did not affect its mobile applications or other browser extensions. However, the company warned users to be cautious of unsolicited messages and emphasized that official updates would only be shared through its verified channels.
As the incident unfolded, attackers reportedly launched a parallel phishing campaign designed to capitalize on user panic. Fake social media accounts directed victims to a spoofed website posing as a Trust Wallet fix, which prompted users to enter their recovery phrases.
Investigators noted similarities between the phishing infrastructure and the malicious extension’s backend, including shared registration patterns, suggesting a coordinated effort by the same threat actors to maximize financial gain during the crisis.
Incidents like this emphasize how quickly browser-based attacks can escalate into real financial losses for everyday users. While keeping extensions and apps updated is critical, it is often not enough on its own.
Dedicated software like Bitdefender Ultimate Security adds an extra layer of protection by blocking malicious websites, phishing pages and scam attempts before users interact with them. Its web protection and scam detection features are designed to stop fake support pages, credential-harvesting sites and other threats commonly associated with wallet-related attacks, helping reduce the risk of seed phrase theft or account compromise.
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.